Quickstart: Enable enhanced soft delete in Azure Backup
This quickstart describes how to enable enhanced soft delete to protect your data and recover backups, if they're deleted.
Enhanced soft delete provides an improvement to the soft delete capability in Azure Backup that enables you to recover your backup data in case of accidental or malicious deletion. With enhanced soft delete, you get the ability to make soft delete always-on, thus protecting it from being disabled by any malicious actors. So, enhanced soft delete provides better protection for your backups against various threats. This feature also allows you to provide a customizable soft delete retention period for which soft deleted data must be retained.
Note
Once you enable the always-on state for soft delete, you can't disable it for that vault.
Before you start
- Enhanced soft delete is supported for Recovery Services vaults and Backup vaults.
- Enhanced soft delete applies to all vaulted workloads alike in Recovery Services vaults and Backup vaults. However, it currently doesn't support operational tier workloads, such as Azure Files backup, Operational backup for Blobs, and Disk and VM snapshot backups.
- For hybrid backups (using MARS, DPM, or MABS), enabling always-on soft delete will disallow server deregistration and deletion of backups via the Azure portal. If you don't want to retain the backed-up data, we recommend you not to enable the always-on soft-delete for the vault or perform stop protection with delete data before the server is decommissioned.
- There's no retention cost for the default soft delete duration of 14 days for vaulted backup, after which it incurs regular backup cost.
Enable soft delete with always-on state
Soft delete is enabled by default for all new vaults you create. To make enabled settings irreversible, select Enable Always-on Soft Delete.
Choose a vault
Follow these steps:
Go to Recovery Services vault > Properties.
Under Soft Delete, select Update to modify the soft delete setting.
The soft delete settings for cloud and hybrid workloads are already enabled, unless you've explicitly disabled them earlier.
If soft delete settings are disabled for any workload type in the Soft Delete blade, select the respective checkboxes to enable them.
Note
Enabling soft delete for hybrid workloads also enables other security settings, such as Multi-factor authentication and alert notification for back up of workloads running in the on-premises servers.
Choose the number of days between 14 and 180 to specify the soft delete retention period.
Note
- There is no cost for soft delete for 14 days. However, deleted instances in soft delete state are charged if the soft delete retention period is >14 days. Learn about pricing details.
- Once configured, the soft delete retention period applies to all soft deleted instances of cloud and hybrid workloads in the vault.
Select the Enable Always-on Soft delete checkbox to enable soft delete and make it irreversible.
Note
If you opt for Enable Always-on Soft Delete, select the confirmation checkbox to proceed. Once enabled, you can't disable the settings for this vault.
Select Update to save the changes.
Next steps
- Learn more about enhanced soft delete for Azure Backup.
- Learn more about soft delete of recovery points.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for